Systems and methods for redundant access control systems based on mobile devices and removable wireless buttons

ABSTRACT

Systems and methods for providing redundant access control systems with removable wireless buttons are disclosed. According to some embodiments of the invention, the systems and methods include a smart lock with a button that is enabled to communicate to a network device, a central access server, or an administrator device. When a user requests access to the lock, the removable wireless button communicates the request to the network device, administrator device, or central access server. The removable wireless button is configured to communicate directly to the central access server and the administrator device, or indirectly through a network device. The button may be detached from the cylinder and docked onto a recharge station. In some embodiments, the removable wireless button includes an inertial module motion sensor that determines whether a door is open or closed.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. Provisional PatentApplication No. 62/189,193 filed on Jul. 6, 2015, which is incorporatedherein by reference in its entirety. The present application is relatedto U.S. patent application Ser. No. 15/060,327 filed on Mar. 3, 2016,which is also incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

The present invention is related to locks and mobile devices, and moreparticularly, to systems and methods for controlling access to locksusing mobile devices redundant channels of access controls, andremovable wireless lock buttons.

BACKGROUND

Access control systems that use mechanical or mechatronic keys and lockscontinue to suffer from several drawbacks. Specifically, mechanicallocks and keys do not offer robust protection against theft, loss,unlawful entry, or unwanted copying. For example, where a key is lost orstolen, the lock would typically be replaced. Mechanical locks and keysalso do not provide near real-time information about how or when thekeys were used—if at all. This type of information may be highlydesirable for individuals and potentially critical for some businesses.Systems that use electronic lock and key systems to provide accessinformation are typically hard-wired into a door frame. Moreoverhard-wired solutions are entirely dependent on a direct or alternativeform of power supply and data connection to function efficiently.Hard-wired systems are generally expensive to install, perform poorly inoutdoor environments where temperature range varies greatly, and areincompatible with universal systems, such as the Europrofile cylinder.Still further, most traditional mechanical lock systems use keys thatmay only be used to access one door, and therefore, users who needaccess to multiple locks are inconvenienced by having to carry a bundleof different keys for their corresponding locks.

The wireless communication capabilities of mobile devices, such as forexample NFC and Bluetooth, provide an opportunity to improve accesscontrol systems that use mechanical or mechatronic keys. Specifically,the near field communication (NFC), Bluetooth, or similar wirelesscapabilities of mobile devices can be adapted for access control systemsby using the mobile device as an electronic key. Further, the capabilityto communicate access data in near real-time on some mobile devicespresents an opportunity to transfer information about how and when keysare used and locks are opened.

However, integrating mobile devices into access control systems stillpresents several drawbacks. As with mechanical lock and key systems,mobile devices do not offer robust protection against theft or unlawfulentry. Further, mobile devices typically rely on batteries as theirpower source, which often lose their charge before a user opens a lock.Moreover, mobile devices can be costly and impracticable for somebusinesses to implement across all of their assets. Still further,whether the mobile device is out of charge, out of range, or otherwiseunavailable, a user may not have access to the lock or the informationstored in it.

Additionally, to integrate mobile devices into access control systems,locks are generally equipped with NFC and wireless communicationdevices. However, these devices require a continuous and reliable sourceof power. While battery power supplies have been suitable for NFC orwireless devices, like mobile devices, they may lose charge or sufferfrom other failures unexpectedly, leaving a user without the ability toopen the lock via the mobile device.

Accordingly, what is needed is an access control system that is a secureand reliable alternative to mechanical locks, as well as mobile devicesthat provide redundant channels of access while providing usageinformation in near real-time, and provide redundant supplies of powerin case of failure or discharge. The access control system should beeasy to install, reduce the number of wired connections utilized, andfunction autonomously for prolonged periods of time. The redundantchannels of the access control system should allow users both with andwithout access to normal phones, smartphones, tablets, and similarmobile devices to access the lock. Additionally, the access controlsystem should allow a lock to communicate directly and in real-time witha network and users and devices connected to the network.

SUMMARY OF THE INVENTION

In various embodiments, the invention provides systems, methods, andapparatuses for controlling and monitoring an access control system.According to some embodiments of the invention, an access control systemincludes a smart lock that provides redundant access control. The smartlock includes a storage medium, a power source, a hardware processor, acylinder having a cam that engages a bolt, and a button that engages thecam to unlock the bolt.

The button includes a plurality of redundant access channels forreceiving authentication information. The redundant access channels mayinclude a biometric scanner for receiving biometric information, apasscode keypad, and/or a wireless transceiver for receiving a tokenfrom a mobile device and transmitting a response to the mobile device.

The smart lock is configured to validate authentication informationreceived from the passcode keypad, biometric scanner, and/or mobiledevice based on a set of rules determined by an administrator, andunlock the bolt if a user is authenticated through a first channel ofthe plurality of redundant access channels. If a user cannot open thesmart lock through the first channel, the smart lock is enabled to allowaccess through a second channel of the plurality of redundant accesschannels. In this way, when a user can no longer access a smart lockusing a first channel, the user may open the lock using a secondchannel.

Access control systems may include one or more smart locks. The systemsmay be accessed by users who request access to the smart locks, andcontrolled by masters or administrators who restrict access to the smartlocks. In some embodiments, users may access, and masters oradministrators may control access to smart locks from their respectivemobile devices in near real-time. Masters and administrators may usemobile devices to configure rules and access rights that control how andwhen a user may open a smart lock. In this way, an access control systemmay be provided that allows masters and administrators to control andmonitor users in near real-time, without having to install hard-wiredinternet or data connections onto a door or lock. Because the cylinderis adaptable to fit standard slots, door frames and lock systems do notneed to be modified or retooled.

In some aspects of the invention, masters or administrators mayconfigure rules and access rights that restrict how users access smartlocks. Access rights specify which locks users may access, and theconfigurable rules specify conditions that must be fulfilled beforeopening the smart lock. The rules thus allow a master or administratorto restrict a user's access based on location and time. In this way, amaster or administrator is enabled to precisely control how a user mayopen a smart lock.

Masters and administrators may require users to request a passcode ortoken each time an attempt is made to open the smart lock. When a usersubmits a request, a master or administrator may receive the request innear real-time and determine whether to grant the user access. Themaster or administrator may require the user provide additionalauthentication information, such as a password, to ensure the identityof the user. If the master or administrator determines to grant the useraccess, a token or passcode is transmitted to the user in nearreal-time. In some embodiments, the requests may be sent based upon atriggering event. Thus, a master or administrator may control a user'saccess on a case-by-case basis.

Passcodes may be fixed or dynamic. Dynamic passcodes enable masters oradministrators to grant users single-use or time limited access tolocks. Passcodes may be provided to the lock wirelessly from a mobiledevice or manually entered onto a keypad. Thus, users are enabled togain access to a lock with a passcode even if their mobile device isunavailable.

In some embodiments of the invention, the wireless transceiver of thesmart lock is configured to communicate to a mobile device, as well as anetwork device, a control access server, or an administrator device,directly and in near real-time. The lock may then receive communicationsfrom the network device, control access server, or administrator deviceinstructing the lock to grant or deny access to a user.

According to some embodiments of the invention, the smart lock includesa wireless modem configured to create a cellular broadband connectionand communicate to an administrator device or a central access server innear real-time. When a lock receives a token, a biometric scan, orpasscode, it may transmit a request for access to the lock based on aset of configurable rules. The lock may then receive an instruction togrant or deny the request for access from the administrator device orcentral access server in near real-time. In this way, if a user's mobiledevice is unable to communicate to an administrator device or a centralaccess server, the lock may establish a connection by itself to theadministrator device or central access server. Thus, the lock maycommunicate to the administrator device or central access server withoutrelying on the user's mobile device to relay communications.

In other embodiments of the invention, the smart lock may also beconfigured to communicate to a network device that relays thecommunications to the administrator device or central access server. Thenetwork device may be a wireless receiver, router, repeater, or similardevice that uses a near field wireless transmitter or a wireless LAN forestablishing a short range wireless connection. Thus, the smart lock maysimilarly create a connection to communicate to the administrator deviceor central access server without relying on the user's mobile device torelay communications.

The smart lock may include an inertial module. The inertial module isconfigured to determine a door status that indicates whether a door hasbeen opened or closed. The lock may similarly be configured to determinea bolt status that indicates the locked or unlocked position of thebolt. The lock is enabled to communicate the door status and bolt statusto the administrator device or central access server in near real-time.Thus an administrator device or central access server may determinewhether a door has been left open, shut closed, locked, or unlocked.

According to some embodiments of the invention, the button of the smartlock may be removable and rechargeable. The button may include arecharge interface that matches a recharging interface of a rechargestation. When the button's power is low, a user may remove the buttonand recharge the button with the recharge station. In yet furtherembodiments of the invention, the button may include an I/O port thatallows a user to power the button from, for example, an external device,or a recharge station. The I/O port further allows a user to retrieveaccess information stored on the button. Thus, while a button isrecharging on a recharge station, the recharge button may retrieveaccess information stored on the button through the I/O port. In someembodiments, the recharge station is coupled to a network connectionthat enables it to communicate access information to the administratordevice or central access server.

BRIEF DESCRIPTION OF THE FIGURES

The objects and features of the invention can be better understood withreference to the following detailed description and accompanyingfigures.

FIGS. 1A, 1B, 10, and 1D show access control systems according toembodiments of the invention.

FIGS. 2A, 2B, 2C, and 2D show smart locks for use in access controlsystems according to embodiments of the invention.

FIG. 3 shows a smart lock with rechargeable power sources according toembodiments of the invention.

FIG. 4 shows a process for opening a smart lock according to embodimentsof the invention.

FIG. 5 shows a process for registering triggering events in an accesscontrol system according to embodiments of the invention.

FIG. 6 shows a process for controlling access to smart locks in anaccess control system according to embodiments of the invention.

FIGS. 7A, 7B, 7C, 7D, and 7E show interfaces for controlling access tosmart locks in an access control system according to embodiments of theinvention.

FIGS. 8A, 8B, 8C, 8D, 8E, and 8F show interfaces for controlling tosmart locks in an access control system according to embodiments of theinvention.

FIGS. 9A, 9B, and 9C show user interfaces for accessing smart locks inan access control system according to embodiments of the invention.

DESCRIPTION OF THE INVENTION

Embodiments of the present invention include systems, methods, andapparatuses that enable users to open locks using redundant accesschannels, and allows masters or administrators to control a user'saccess in near real-time.

An exemplary access control system that provides redundant channels ofaccess to users while communicating usage information in near real-timeis shown in FIGS. 1A and 1B. The system includes one or more smart locks104, a central access server 105, and devices 101, 102, and 103 foraccessing and controlling the smart locks. Users open the smart locks104 through one or more access channels as described in more detailbelow. Masters and administrators control how the users access the smartlocks 104 from a master device 101 or administrator device 102. Usersmay communicate with masters, administrators, and open smart locks froma user device 103. Users may also open smart locks manually, without anyneed for a user device 103. A central access server 105 relays andstores information exchanged between a user and a master oradministrator in near real-time. It is noted that “near real-time”communications are communications that may appear as occurring inreal-time or substantially in real-time, but experience slight,unnoticeable or insignificant delays due to network infrastructure. Whena user can no longer open a smart lock through one of the accesschannels because, for example, the access channel is unavailable orbecomes inoperable, a user can open the smart lock through the otheravailable access channels. Thus, the access control system 100 enablesusers to open smart locks using redundant access channels, and allowsmasters or administrators to control a user's access in near real-time.

The master device 101 and administrator device 102 create and assignrules and access rights to users seeking to obtain access to one or moresmart locks 104. Access rights identify the smart locks 104 that eachuser is authorized to open. Rules add conditions that must be met beforea user is allowed to open a smart lock 104. For example, access rightsmay be configured by a master device 101 or administrator device 102 tospecify a group of smart locks 104 a user may open, while rules specifywhat day and time the user is allowed to open the particular smart lock.

As shown in FIG. 1B, master devices 101 and administrator devices 102are also configured to specify which access channels a user may use toprovide authentication information to open a smart lock 104. Asexplained in more detail below, an access channel may be for example,scanning biometric information into a biometric scanner 114, entering apasscode on a keypad 115, or wirelessly transmitting a token from amobile device 116. The smart lock may provide a combination of any orall access channels to the user. For example, a first access channel forregular or default use may be wirelessly communicating a token from auser's mobile device 116, and a second and third access channel may bethe biometric scanner 114 passcode keypad 115, respectively, for use inthe event that the first access channel becomes unavailable to the user.

The master device 101, administrator device 102, or user device 103 maybe mobile device, a software service, or a software application. Mobiledevices may be for example, a smartphone, tablet, or handheld. Mobiledevices include a touchscreen display 107, storage medium 108, andprocessor 109. In some embodiments, mobile device includes a wirelesstransceiver 110 for receiving and transmitting RFID, NFC or Bluetoothsignals, or over the mobile device's cellular or internet connection.

Central access server 105 may be a cloud-based server and may connect toa remote server 106. Remote server 106 may include a call center withagents for receiving user calls and access requests.

In some embodiments of the invention, the mobile device includes an NFCelement 111 which may be a SIM or SD card that is equipped with an NFCtransmitter. An NFC-enabled SD card may be placed into the SD card slotof the mobile device, providing a smartphone with NFC communicationscapability. Similarly, an NFC-enabled SIM card may be placed into theSIM card slot of the mobile device, providing a smartphone with NFCcommunications capability.

As shown in FIG. 1A, individuals in the access control system may havedifferent roles. For example, an individual may be a master,administrator, or user. A master can add, remove, and configure accessrights of administrators or users. Administrators can similarly add,remove, and configure access rights of users. Users are the individualswho seek access to a site secured by a smart lock. The access rights forindividuals may be configured for each user or administrator, or at amore general level for a group of users or administrators. Similarly, auser or administrator may be given access to a specific smart lock, orfor a group of smart locks.

For example, in a commercial setting of the access control system, themaster device 101 or administrator device 102 may be operated bysupervisors or managers who wish to control how and when their employeesaccess areas within a business. A business manager may designate asupervisor as an administrator, who can further designate one group ofemployees as users with access to a particular group of smart locks. Asanother example, in a residential setting the master device 101 oradministrator device 102 may be operated by parents to control accessto, and monitor access information of, people entering different areasof their house. Parents designating themselves as masters coulddesignate their babysitters as administrators and their children asusers, and specify which areas of the house the babysitters and childrenmay access and how or when they may access them. As described in moredetail below, the supervisors or parents may receive alerts or reportsof how and when the employees, babysitters, or children attempted toaccess the sites controlled by the smart locks 104.

The master or administrator of the access control system configures howusers open smart locks with a set of rules 112 and access rights 113.The access rights 113 identify each individual or group of individualsin the access control system, and each smart lock or group of smartlocks in the access controls system. The access rights 113 alsoassociate each individual with a smart lock. The set of rules 112specify what access channels can be used to open the smart lock, andwhat (if any) conditions are required to enable the individual to openthe smart lock. For example, parents designating themselves as mastersmay configure the access rights and rules for babysitters such that theymay open a smart lock using the passcode, or biometric scan. The rulesmay further be configured with conditions such that the babysitter mayonly open the smart lock on certain days of the week, or after theparents approve each request for access.

The access rights and rules may be stored in the mobile device of themaster, administrator, user, smart lock, or central access server. Asexplained in more detail below, a master or administrator may create,modify, or delete access rights and rules from a master device 101, anadministrator device 102, or the central access server 105. When amaster or administrator creates, modifies, or deletes an access right orrule, the access right or rule may be communicated to the central accessserver or mobile device of the user. The mobile device of the user maythen transmit the access right or rule to the smart lock as part of thetoken. When a user attempts to open the smart lock, the access rightsand rules may be checked from the mobile device or smart lock. Forexample, if the user provides a passcode or biometric scan, the smartlock may check the access rights and rules to determine if a user isauthorized to open a smart lock on a given day or time. As anotherexample, before transmitting a token to a smart lock, the user's mobiledevice may check the access rights and rules to determine if the user isauthorized to open a particular smart lock. If the user does not haveauthorization, the mobile device will not transmit the token to thesmart lock. In some embodiments of the invention, the access rights andrules may be checked from the master device 101, administrator device102, or central access server 105.

Smart locks may be installed to secure specific areas or rooms within asite, enabling the master or administrator to precisely control where anindividual may gain access. For example, in a cell tower, smart locksmay be installed on the front door of a facility, a door of a storageroom, and a door of a cabinet, where batteries, copper cables,electronic equipment and other assets that are commonly a target fortheft are secured. A business manager (e.g., master) may then grantcertain employees (e.g., users) access to the facility, whilerestricting access to the storage room and cabinet door to a select fewemployees. As described above, the business manager may furtherconfigure rules to specify how the employees access the smart locks, andwhat (if any) conditions enable the employee to obtain access.

As another example, the areas within a site may be, for example, abasement, backyard, bedroom, front gate, fitness center, or garage.Thus, in the residential setting a parent may enable a babysitter toaccess a basement, backyard, or the parent's bedroom, but only duringthe specific time interval that the babysitter is babysitting. Asdescribed below, the parent may further configure the rules to grant thebabysitter conditional access rights that require the babysitter torequest permission each time he or she seeks access to a smart lock.Parents may further configure the access rights and rules to grantchildren access to different areas or rooms within the home, and underheightened restrictions. For example, the parent may configure theaccess rights and rules to deny children access to rooms in the house,such as the basement, or restrict access to areas such as the fitnesscenter during a specific time of day. Parents may further configure therules to specify which access channels the children may use to accessthe area, such as for example, using the child's fingerprint to access abackyard.

According to some embodiments of the invention, a user opens one or moresmart locks 104 by wirelessly communicating 116 from the user's mobiledevice to the smart lock. By using the wireless capabilities of theuser's mobile device, the smart lock 104 may be linked to the centralaccess server 105 without a direct connection between the two. In thisway, access to a smart lock 104 may be controlled remotely and withoutthe need for implementing a hard-wired system on a door frame or lock.

As described above, smart lock 104 may be opened by wirelesslytransmitting a token from the user's mobile device to the smart lock104. A token contains a passcode that includes letters, numbers,symbols, or any combination thereof. The passcode may be dynamic orfixed, as discussed in more detail below. A smart lock 104 validates thetoken based on access rights and rules determined by the master oradministrator and by comparing the received passcode with a passcodeproduced by a process stored in the smart lock 104. If the receivedpasscode matches the passcode produced by the process, the smart lock104 will accept the token. The smart lock 104 communicates to the user'smobile device 103 whether the token has been validated based on theaccess rights and rules and whether it matches the token produced by thestored process. This information may then be sent from the user mobiledevice 103 to the central access server 105, where it may be relayed asa notification or alert to a master device 101 or administrator device102.

Master devices 101 and administrator devices 102 are configured tospecify whether a user can access a smart lock 104 with the wirelesscapabilities of the user's mobile device, and what access rights theuser has. For example, the master devices 101 and administrator devices102 may specify whether a user's access rights to a particular smartlock 104 or group of smart locks 04 are fixed or conditional.

Conditional access rights allow a master or administrator to approveeach attempt by a user to open a smart lock 104. For example, when auser with conditional access rights attempts to access a smart lock 104or group of smart locks 104, the system will alert a master device 101or administrator device 102 that the user 103 is seeking access to thesmart lock 104, and in near real-time request the master device 101 oradministrator device 102 to grant the user access to the smart lock 104.The user may then determine whether to grant or deny the user access.The determination may be based on additional conditions or verificationsteps. For example, the master or administrator may request the userprovide identification information that proves the user's identity orauthenticity, such as for example, an additional password. As anotherexample, the master of administrator may deny the user access becausethe user was not intended to access that particular smart lock 104, orwas not intended to have access on that particular day or time. If themaster or administrator determines the user's access to the smart lock104 should granted, the master device 101 or administrator device 102may then provide the user with a token as described in more detailbelow. If the master or administrator determines the user's access tothe smart lock 104 should be denied, the master device 101 oradministrator device 102 does not provide the user with a token, and theuser will be unable to open the smart lock 104. In this way, a masterdevice 101 or administrator device 102 may allow or deny access to asmart lock 104 in near real-time. In some embodiments, when the masteror administrator determines whether to grant or deny the user access,the master device 101 or administrator device 102 sends an alert to theuser notifying the user that their request for access has been grantedor denied.

Fixed access rights allow users to obtain access to a smart lock 104without first receiving approval from a master device 101 oradministrator device 102. For example, a user may be granted fixedaccess rights to open a particular smart lock 104 without restriction.Such fixed access may be provided with a fixed passcode, for example,which a user may enter on the keypad of the smart lock 104. The user maythen open the smart lock 104 with the fixed passcode without firstrequesting approval from a master device 101 or administrator device102. In some embodiments the user's mobile device 103 may still informthe master device 101 or administrator device 102 when a user with fixedaccess rights has accessed or attempted to access a smart lock 104. Forexample, after a user enters a fixed passcode on the smart lock keypad,the smart lock may communicate to the user's mobile device that itreceived a valid fixed passcode and unlocked the smart lock. The user'smobile device may then notify a master device 101, administrator device102, or central access server 105, in near real-time that the useraccessed and unlocked the smart lock 104.

The master device 101 and administrator device 102 may also be used toallow a user to open one or more smart locks 104 with a passcode enteredon a keypad 115 or biometric scan 114. These access channels enable auser to obtain access to a smart lock 104 without using a mobile device,because as described in more detail below, a passcode or biometric scanmay be manually input by the user. In this way, a user may obtain accessto a smart lock 104 in the event they do not own a mobile device, ortheir mobile device is lost, broken, or otherwise incapable oftransmitting a token wirelessly to the smart lock 104. Thus, accordingto some embodiments of the invention, the keypad for entering a passcodeor biometric scan serve as redundant access channels that provide theuser with access to the smart lock 104. In other embodiments of theinvention, the keypad for entering a passcode or biometric scan mayserve as a primary or default access channel, and wirelesslycommunicating from the user's mobile device to the smart lock 104 mayserve as the redundant access channel. In yet further embodiments of theinvention, users may be required to authenticate themselves using acombination of alternative access channels. For example, a user may berequired to provide a combination of a dynamic passcode and afingerprint before being granted access to a lock.

As described above, a token may include a passcode that may bewirelessly transmitted from a user's mobile device 103 to a smart lock104. As described in more detail below, the passcode may also bedisplayed on the user device so that the user may manually enter it ontothe keypad of the smart lock 104. A smart lock 04 validates the fixedpasscode by comparing the entered passcode to passcodes generated byprocesses stored on the smart lock 04. If the process generates amatching passcode, the smart lock 104 will grant the user access.

In some embodiments of the invention, the passcode may be a dynamicpasscode generated by a Code Generation System (CGS). A dynamic passcodeis a unique, single-use, time-limited or one-time passcode that isgenerated by the central access server upon request. The passcode isbased in part on the time the passcode was requested.

According to some embodiments of the invention, the generation of thepasscode provided to the user is based on unique information about theuser's mobile device and the time the passcode is requested or beinggenerated. For a mobile device, the passcode may be based on, forexample, the International Mobile Equipment Identity (“IMEI”), thenetwork ID of the mobile device, or a combination of the two IDs, andthe time the request was sent from the mobile device.

Alternatively, the passcode may be fixed. A fixed passcode does notchange or expire, may be used more than once, and may be obtainedwithout request from a master or administrator. Masters oradministrators who wish to prevent fixed passcodes from beingcompromised may require fixed passcodes to be used in conjunction withother information or a biometric scan.

A user may request a dynamic or fixed passcode by contacting a master oran administrator. For example, the user's mobile device 103 may includea mobile application that allows the user to send a request for apasscode to a master device 101 administrator device 102, or centralaccess server 105, over the mobile device's cellular data, WiFi orNFC/Bluetooth connection. As another example, a user may submit arequest by placing a voice call or sending a text message to a master,administrator, or central access server agent from the user's mobiledevice. In this way, a user may send a request even when the mobiledevice is unable to connect to the internet, or is not equipped with adata or internet connection.

In some embodiments of the invention, smart lock 104 may be opened byproviding a biometric scan of a user. As described in more detail below,smart locks 04 include a storage medium 201 that may store biometricdata for each user that was granted access to the lock. Biometric datamay include, for example, fingerprints of each user. When the userreceives a biometric scan, the smart lock 104 compares the scan to thebiometric data stored at the smart lock 104. If the scan matches thestored biometric data, the smart lock will grant the user access. Whenthe biometric scanner is used as a redundant access channel, a user mayprovide a biometric scan if, for example, the user does not have orloses his or her mobile device and is incapable of obtaining a token orpasscode.

FIG. 10 shows the smart lock 104 is coupled to a master device 101,administrator device 102, or a central access server 106, therebybypassing the mobile device, according to some embodiments of theinvention. For example, the smart lock 104 may be coupled to a networkdevice 117, that relays the communications to the master device 101,administrator device 102, or central access server 106. Network device117 may be, for example, a wireless receiver, router, repeater, orsimilar device. As another example, the smart lock 104 may engage intwo-way communication directly with the master device 101, administratordevice 102, or central access server 106 over a cellular broadbandconnection as described in more detail below.

In configurations where the smart lock 104 communicates to a networkdevice 117 as shown in FIG. 10, the smart lock 104 may use a near fieldwireless transmitter or a wireless LAN for establishing a short rangewireless connection. The connection may be established using, forexample, Bluetooth, NFC, ZigBee or similar short range wireless networktechnologies. For example, the network device 117 may be a wirelessrepeater, extender, or router located within the home, and communicateto the smart lock using Bluetooth. The network device 117 may then becoupled to a master device, an administrator device, or a central accessserver, using a network connection, such as an internet, Ethernet orsimilar connection. The network device 117 may then relay thecommunication from the smart lock to the master device, administratordevice, or central access server, in near real-time. Thus, even when auser's smartphone or mobile device is stolen or inoperable, the smartlock is enabled to communicate to the master device, administratordevice, or central access server, in near real-time.

In some embodiments of the invention, the smart lock may includewireless transmitters that communicate directly to a central server oradministrator, as shown in FIG. 1D. For example, the smart lock 104 mayinclude a cellular broadband or wide area network connection thatenables the button to communicate to a master device 101, administratordevice 102, or central access server 106 directly. The lock may includea wireless modem for creating a cellular broadband connection andcommunicate information in near real-time. For example, the modem may bean Intel XMM 6255 3G modem that is embedded on a chipset in the lock. Infurther embodiments, the modem may be a USB dongle, data card, orsimilar device for providing access to a cellular network and may becoupled to the lock through an I/O port as described in more detailbelow. The cellular network may be for example, a GSMIGPRS, EDGE, UMTS,HSDPA, HSPA, HSPA+, CDMA, LTE, or similar cellular network.

Enabling the smart lock to communicate to a master device, administratordevice, or central access server, provides additional control over usersaccessing a smart lock. For example, the smart lock may be configured totransmit a request to a master device or administrator device forapproval each time the user attempts to gain access to a smart lock.Thus a master or administrator may approve each request for access evenwhere a user is attempting to gain access using a passcode or biometricscan.

As another example, the smart lock may use the connection to the masterdevice, administrator device, or central access server to verify a useris authorized to open the smart lock. Specifically, after receivingauthentication information, the smart lock may communicate to a masterdevice, administrator device, or central access server, which checks aset of configurable rules to verify that the user is authorized toaccess the smart lock.

In another aspect of the invention, the master device, administratordevice, or central access server may communicate instructions to thesmart lock to perform certain functions or processes. For example, ifthe central access server determines that the bolt of the smart lock isunlocked, the central server may instruct the smart lock to lock thebolt. In this way, if an administrator or user leaves a home withoutremembering whether he or she locked the door, the administrator or usermay confirm that the door is unlock, and if so, lock it remotely. Inother embodiments, the master device, administrator device, or centralaccess server may communicate instructions to the smart lock to blockcommunications received from certain devices, or biometrics receivedfrom certain users. For example, if a user's mobile device has beenreported as lost or stolen, the master device, administrator device, orcentral access server may instruct the smart lock to block anycommunications it receives from that particular mobile device.Similarly, a master device, administrator device, or central accessserver may send an instruction to a smart lock that a particular usershall no longer be allowed to use their biometric scan to unlock a smartlock, and report any such biometric scans it receives from that user.

According to some embodiments of the invention, the button includes aninertial module to detect and measure the movement and position of adoor. The inertial module may include a combination of sensors fordetecting and measuring movement and/or position, such as for example, aMEMs-based accelerometer, gyroscope and/or a magnetometer. TheMEMs-based accelerometer may be 1-, 2-, or 3-axis accelerometers, andthe measurements may include, for example, the door's velocity andacceleration over these axes. The measurements provided by theaccelerometer may be filtered and analyzed to determine whether themotion correlates to the opening or closing of the door. Other sensorsthat may be used may include magnetic sensors, such as a magneticswitch, that generate measurements in response to changes in theirmagnetic fields. Potentiometers may also be used to generate signalscorresponding to the angular movement and position of the hinge of thedoorframe. Yet other embodiments may include optical or ultrasonicsensors that measure reflections in light or sound waves as the dooropens or closes.

Measurements made by the sensors of the inertial module are used totrack changes in position and door movement, enabling the button todetermine if the door is open or closed shut. In some embodiments, thebutton may determine whether the door is open or closed by comparing thesensors measurements with known acceleration and/or movement profilesassociated with the opening and closing of a door. For example, themovement of a closing door may be characterized by changes in itsacceleration; if a sharp increase in acceleration (i.e., a user pushingthe door), is followed by an abrupt decrease (i.e., the door contactingthe door frame and closing shut), the button may determine that the dooris shut. As another example, the movement of a closing door may becharacterized by its speed; if the speed or acceleration reaches amaximum threshold, it may be determined that the door has reached avelocity or speed such that it would eventually close shut. Similarly,if the speed or acceleration of the door never reaches a minimumthreshold, it may be determined that the door was not pushed withsufficient force to shut close. The button may be configured to keeptrack of what times the door was opened or closed. For example, thebutton may record when the door was opened or closed by keeping a log inthe storage medium of the smart lock.

In further aspects of the invention, these sensors may be used to detectwhether the bolt of the lock cylinder has been rotated, therebyindicating whether a user has locked or unlocked a door. For example,the accelerometer may be used to detect the rotation of the button thatcauses the bolt to extend into a door mortise. The button may also beconfigured to keep track of what times the cam has been engaged to lockor unlock the bolt. In some embodiments of the invention, the button mayincorporate the locked or unlocked status of the bolt to confirm whethera door was opened or closed. For example, if the button detects that thedoor was closed, the button may confirm that it was closed bydetermining whether the bolt changed from an unlocked state to a lockedstate, indicating that the door was shut closed, and locked.

In some embodiments of the invention, the button communicates whetherthe door is opened, closed, locked or unlocked to a network device, anadministrator device, a master device, or a central access server. Inthis way, a user may remotely determine whether their door was left openor shut closed.

FIGS. 2A and 2B show a smart lock according to some embodiments of theinvention. The smart lock includes a storage medium 201, a power source202, a hardware processor 203, a cylinder 204, and a button 205. Thesmart lock may also include a wireless transceiver 206, a passcodekeypad 207, and a biometric scanner 208. The cylinder includes a cam 209that engages a bolt (not pictured). A user provides authenticationinformation to the smart lock, which is validated by the hardwareprocessor 203 and storage medium 201. Authentication information may be,for example, a user's scanned fingerprint, a passcode entered onto thekeypad, or a token wirelessly transmitted from the user's device. Whenthe smart lock validates the authentication information, the button 205engages the cam 205, which unlocks the bolt. Storage medium 201 storesinformation and data for validating authentication information, keepinglogs of access events and smart lock usage, and identifying the smartlock. For example, the storage medium may store biographic data of usersauthorized to open the lock or unique identification numbers thatidentify the smart lock.

The hardware processor 203 is configured to validate authenticationinformation received from the access channels based on the access rightsand rules determined by a master or administrator. The hardwareprocessor may unlock the bolt when a user is authenticated through anaccess channel. In one aspect of the invention, when the first redundantaccess channel becomes unavailable to the user, the hardware processor203 is configured to allow access through a second redundant accesschannel to unlock the bolt.

In some embodiments, the smart lock includes a wireless transceiver 206for receiving and transmitting RFID, NFC or Bluetooth signals to auser's mobile device. As described above, a user may wirelessly transmita token to a smart lock 104. When the wireless transceiver 206 receivesthe token, the smart lock validates the token as described above. Thewireless transceiver may also communicate access information to theuser's mobile device. Access information provides details about accessevents, such as which users have accessed the smart lock and when theywere accessed. Access information may be stored in the smart lock'sstorage medium 201. Access information is stored at the smart lock untila mobile device accesses the lock, at which point the smart lock willtransmit the access information to the user's mobile device. The mobiledevice will then communicate the access information to the centralaccess server. When the user's mobile device is stolen or unable toreceive wireless communications, the smart lock will wait until the nextcapable mobile device attempts to access the smart lock.

The smart lock cylinder 204 is adaptable to fit a standard profile slot.In some embodiments of the invention, the cylinder 204 of the smart lockis a Europrofile (or “Euro DIN”) design. In other embodiments, thecylinder may be an oval, round, Scandinavian, Japanese, Union or Schlagetype of profile. However, where Europrofile cylinders typically includea rotatable knob on the inside of the door for engaging or disengaging abolt, the smart lock instead has a freely rotating button 205. Thefreely rotating button 205 may be spun several times around its axis, incontrast to knobs which are typically rotated a half- or quarter-turn toengage or disengage a bolt. As explained in more detail below, spinningthe freely rotating button 205 generates rotational energy that may beused to energize and recharge the power source 202 inside the lock forseveral days.

When the user's authentication information has been validated, the smartlock is enabled to engage the bolt. Specifically, the button 205 may bepushed inwards activating a clutch that engages the cam 209. As the usercontinues to rotate the button 205, the cam 209 moves the bolt from alocked position to an unlocked position. The user will not be able toopen the smart lock until he or she has been authorized to access a site(for example, by wirelessly transmitting a token, providing a biometricscan, or entering a passcode on a keypad). Until the user has beenauthorized, the button is freely rotating, and will not engage the cam.

As shown in FIG. 2A, the button is disposed at the end of the cylinderfacing the outside. In one aspect of the invention, the smart lock usesa single button, which enables the smart lock to be adapted fordifferent sizes or lock formats. For example, the freely rotating button205 may also be adapted for single-entry locks, button entry locks,double entry locks and padlocks. Padlocks, for example, may only includea freely rotating button without requiring an interior knob.

FIG. 2B shows a front view of the cylinder according to some embodimentsof the invention. The button may include several access channels, suchas a passcode keypad 207 and biometric scanner 208, which may beconcealed by a cap 210. In situations where a user cannot unlock a doorusing their mobile device to wirelessly transmit a token (e.g., a user'smobile device is stolen or the device's batteries have been drained),the user may gain access by using a numeric keypad to enter a passcode,or by using a biometric scanner.

As FIG. 2C shows, the smart lock includes a knob or second button 211disposed at the opposite end of the cylinder 204 facing the inside,according to some embodiments of the invention. The outer button 205 mayhave a longer radius and larger thickness than the interior button 211,which as explained in more detail below, may reduce the force or speedthat is needed to rotate the button and charge its internal powersources. In embodiments where the smart lock includes an interior button211, the interior button 211 may engage or disengage the bolt withoutthe need to provide authentication information to the smart lock orrequesting access from a master or administrator. Thus, a user may lockor unlock the door to exit the inside of a site at any time.

FIG. 2D shows the button is detachable from the cylinder in someembodiments of the invention. The detachable button may include arecharge interface 213 and input/output port (“I/O port”) 214. The powersource 202 may be a rechargeable power source, such as for example, acapacitor bank, a rechargeable battery, or similar device. As describedin more detail below, the button may also include an energy harvestingelement 216. By removing the button from the cylinder, a user may takethe button to a recharging station 215 where its charge may be restored.Recharge station 215 may be coupled to a power outlet, where charge maybe transferred through recharge interface 213 to the rechargeable powersource 202. Recharge interface 213 may be, for example, a wire, plug, orone or more contact pins for receiving current from a recharge station215 with a matching interface. When the recharge interface is coupled toa recharge station 215 with a matching wire, plug or contact pinconfiguration, the recharge station 215 supplies the button with power.Rechargeable power source 202 stores the charge received from therecharge station 215.

The button may also be charged through I/O port 214. I/O port 214 maybe, for example, a USB, Firewire, Thunderbolt, e-SATA, Ethernet, orsimilar port for transferring power and/or data. In some embodiments ofthe invention, the I/O port 214 may receive power from an externaldevice, such as a portable battery charger, with a matching interfacethat is enabled to deliver charge. For example, the external device maybe a battery pack with a USB connection. In yet further embodiments ofthe invention, the I/O port 214 may receive power from a rechargestation 215 with a matching port interface. Recharge station 215 maytransfer power from a power outlet to the power source 202 of the buttonthrough I/O port 214.

Recharge station 215 may be coupled to master device 101, administratordevice 102, or central access server 106. For example, recharge station215 may include an Ethernet port or WiFi transmitter for establishing aninternet connection and communicating to master device 101,administrator device 102, or central access server 106. While connectedto I/O port 214, recharge station 215 may retrieve data stored instorage medium 201. As described above, such data may include, forexample, information and data for validating authentication information,keeping access information such as logs of access events and smart lockusage, and identifying the smart lock. Recharge station 215 may thensend the data retrieved from the storage medium 201 to master device101, administrator device 102, or central access server 106. Thus, whilethe button is recharging, it may communicate access information to otherdevices or the central access server.

According to some embodiments of the invention, the I/O port may be usedto connect the smart lock to a wireless modem. For example, a USBdongle, data card, or similar device for providing access to a cellularnetwork may be inserted into the I/O port, enabling the smart lock tocommunicate to a master device, administrator device, or central accessserver over a cellular broadband connection.

In some embodiments of the invention, valid credentials are required inorder to release the button from the cylinder. For example, the buttonmay only be removed when a valid passcode or biometric scan has beenreceived. In this way, when the button is disposed on the exterior faceof the door, the button may not be stolen or removed by thieves orunwanted vandals. In other embodiments, the button may be configured tobe removed from the cylinder without the need for providing credentials.For example, when the button is disposed on the interior face of thedoor, facing the inside of a home, the button may be removed at anytime.

According to some embodiments of the invention, the smart lock includesa button disposed on the interior face of a door and a button disposedon the exterior face of a door. In this configuration, the buttondisposed on the interior face of the door may be removable andrechargeable while the button disposed on the exterior face of the dooris neither detachable nor rechargeable. The external button thus drawspower from the power source of the interior facing button. In this way,an energy-efficient dual button smart lock may be provided having anexternal button resistant to tampering from the outside.

As explained above, the tokens communicated by the mobile devices maycontain a passcode, such as a dynamic passcode for single-time usage. Inone aspect of the invention, the passcode may be generated andcommunicated from the mobile device automatically such that nointeraction is required from the user. Specifically, a user's mobiledevice may determine or detect it is in the vicinity of a smart lock.For example, using the location-based capabilities of the mobile device,the mobile device may determine that the user is approaching a site. Insome embodiments, the determination may be aided by analyzing past userpatterns, and infer that the user is returning home from work and is onhis or her way to open their home door. The mobile device mayalternatively make this determination by using its NFC/Bluetooth orwireless capabilities. Upon detecting the lock, the mobile device mayidentify the lock and the site that the lock secures. The mobile devicemay then automatically communicate this information to the centralaccess server to determine if the user is allowed to access the smartlock. If the user meets all the conditions for accessing the lock (e.g.,the user is allowed to access the lock at the particular time and day),then the access control system will generate a dynamic passcode. Thedynamic passcode may be generated at a master device, an administratordevice, or the central access server and then transmitted to the mobiledevice, or alternatively, it is generated by a mobile application on themobile device of the user. The mobile device may then transmit thepasscode to the smart lock, which validates the passcode using a processstored in the lock. Once the passcode has been validated, the user maypush the button inwards and engage or disengage the bolt using a clutchsystem. If the user is not allowed to open the lock, the administratorwill receive a notification that an unauthorized user attempted to openthe lock.

According to some embodiments of the invention, the button includes alight indicator 212 that changes color based on the mode of operation.For example, if authentication information has been accepted, thelighting glows green; if authentication information has been rejected,it glows red; in standby mode it glows blue.

As described above, the smart lock is powered by power source 202. Insome embodiments of the invention, the button includes redundant powersources, as shown in FIG. 3. The redundant power sources may be used toenergize the storage medium, wireless transceiver, and lightingindicator, in the event that one of the power sources fail. A redundantpower source may be, for example, a bank of capacitors or batteries 301located inside the button. When the batteries or capacitors are low oncharge, the button may communicate this information to the next mobiledevice that accesses the lock. The mobile device may then communicatethis information to a master or administrator. Alternatively, a lowcharge or battery level may be communicated using the color indicators.

In other embodiments, the button has a bank of capacitors 301 that arecharged by the rotational movement of the button. The energy stored bythe rotational movement is sufficient to last for several days, andprovides a convenient, reliable, and redundant source of power shouldanother power supply (e.g., batteries) fail. The button freely rotatesabout its central axis generating a high level of kinetic energy.Whereas some knobs are limited to quarter or half-turns, the button maybe spun a full revolution. Similar to the winding of a crown on a watch,the rotational movement of the button is harvested and translated byelements inside the button into electrical energy, and stored for futureuse. The greater the number of revolutions the button is spun, thehigher the charge that is stored inside the lock. In one exemplaryembodiment, the rotational movement of the button drives a series ofgears and springs 302 that transfer the rotational energy generated byturning the button. Because the springs and gears 302 inside the lockmay be smaller than the button, the button can be spun at a lower speedand torque. Thus, the amount of force to energize the lock may bereduced by proportionately tailoring the size of the button to the gearsand springs inside the lock.

In other embodiments, the rotational movement of the button is appliedto a piezo element 303. When a user rotates the button, the rotationalmovement of the button is applied to a piezo element that generatespiezoelectricity which is then transferred and stored in a capacitorbank or battery as charge. The piezoelectricity may be generated bystrain, tension, or torsion from the spinning of the button. The strain,tension, or torsion is applied to the piezo element and creates electriccharge that may be stored in a capacitor bank. In other embodiments,piezoelectricity may be generated by converting the rotational movementinto vibrational energy. Specifically, the gears or springs inside thebutton may come into contact with a piezo flap that vibrates with everyturn of the button.

In other embodiments, the rotational movement may additionally beconverted into electrostatic or electromagnetic energy. For example, therotation of the button may be used as the mechanical energy that rotatesan armature in an electrical generator 304. In further embodiments, therotational movement of the button may be stored in a spring or similarmechanical device.

In some aspects of the invention, the button may be recharged by bothharvesting the rotational movement of the button, or through a rechargeinterface. In this way, if the energy harvesting components cease tofunction correctly, the recharge interface will still be available torecharge the button, and vice versa. Thus, the recharge interface andenergy harvesting components may operate in a complementary fashion toensure the button is capable of being recharged.

Although FIGS. 2A-D and 3 depict several components inside the button,in other embodiments of the invention, these components may be placedoutside of the button. For example, the wireless transceiver, memory,hardware processor, and capacitor/battery bank may be disposed outsideof the cylinder and button in a lock case. These components may becoupled to the button through the cylinder. In other embodiments, thesecomponents may be inside the cylinder core, or inside a door rose.

FIG. 4 shows a process for using a lock with access channels accordingto embodiments of the invention. In step 401, a user chooses a firstaccess channel. If the channel is available as shown in step 402, theuser may provide authentication information 404. For example, if theaccess channel is wirelessly transmitting a token to the smart lock, itmay be determined that the access channel is unavailable if, forexample, the user's mobile device is lost, stolen, or drained. If thefirst access channel is unavailable, then a second redundant accesschannel is selected 403. For example, the second redundant accesschannel may be a biometric scan or passcode that is entered on the smartlock's keypad.

The smart lock validates the authentication information as shown in step405. As described above, if the authentication information includes atoken or passcode, the token or passcode is compared to a token orpasscode produced by a process stored on the smart lock. If theauthentication information is a biometric scan, then the scanned data iscompared to biometric data stored at the smart lock. In this way, theinvention provides redundant channels of access that ensures users canaccess a lock even when their mobile device is lost or inoperable.

If the authentication information is validated, then the access rightsare checked to determine whether the user is authorized to access thesmart lock, as shown in step 406. For example, it is determined whetherthe master or administrator allowed the user access to a smart lock atthe given day or time. If the user is authorized to open the lock, thenthe user is granted access, and the button may engage the cam to openthe smart lock 407. If the authentication information is not valid, orthe master or administrator decided to deny the user access to the lock,the button will not engage the cam and open the smart lock 408. Asdescribed above, the rules and access rights may be checked at the userdevice, the central access server, the master device, or theadministrator device.

FIG. 5 shows a process for controlling a lock with access channelsaccording to embodiments of the invention. In step 501, a triggeringevent is registered. Triggering events may be used to initiate theprocess of opening a smart lock automatically. A triggering event may befor example, when a user's mobile device has come within a predetermineddistance (e.g., 10 feet) of the smart lock. The triggering event maythen, for example, cause the mobile device to automatically transmit atoken to the button.

Triggering events may be registered based on other capabilities of themobile device. For example, if the mobile device has gesture recognitionsensors and software, a triggering event may be registered based on whenthe user shakes his or her mobile device in a particular way.Alternatively, the mobile device may register a triggering event whenthe user selects a button or enters a code on a mobile application onthe mobile device.

After the mobile device registers a triggering event, the mobile deviceidentifies the smart lock it is opening, as shown in step 502. It isthen determined whether the rules are configured to grant the userconditional access rights or fixed access rights, as shown in step 503.If the user has conditional access rights, then the mobile device willsubmit a request to the master or administrator as shown in step 504.Otherwise, the rules and access rights are evaluated to determine if theuser is authorized to open the lock at step 505.

As described above, a mobile device may submit a request to anadministrator in several ways. For example, the mobile device may submita request to a master device, an administrator device, or a centralserver using its data connection, by sending a text message, or byplacing a call to the central access server with a call center. In someembodiments of the invention, the master, administrator, or centralaccess sever may require the user provide additional credentials beforeissuing a token. For example, the request submitted by the user's mobiledevice may include the user's location, password, or other similaridentifying credentials, such as their phone number or email address. Asanother example, the additional credentials may include the GPScoordinates of the user's mobile device that corroborate that the useris at the location of the smart lock. In other embodiments, the user mayalso be required to take a picture of the smart lock and provide it withthe request to prove the user is located at the location of the smartlock. After the credentials are successfully validated, a token is sentto the user's mobile device.

If the master or administrator approves the user's request, or the userhas sufficient access rights to open the lock, then the user may receivea token as shown in step 506. If the master or administrator denies theuser's request, or the user is unauthorized to open the lock, the userwill not receive a token, as shown in step 507.

The user may then provide authentication information to the smart lock,as shown in step 508. If the user will be opening the lock by entering apasscode on the keypad, the user may for example, receive the passcodeas a text message, or displayed on a mobile application, which the usercan enter on the smart lock keypad. If the user's mobile device will bewirelessly transmitting the token to the smart lock, then the mobiledevice may transmit the token automatically, once it is received.

In one aspect of the invention, additional layers of security may berequired before the authentication information may be provided to thesmart lock. For example, a user may be prompted to enter a password intothe mobile device before it will wirelessly transmit the authenticationinformation to the button. In other embodiments, the rules may beconfigured to require the user to scan his or her fingerprint on themobile device before receiving a token. As described above, the mobiledevice may also automatically transmit the authentication informationwithout further interaction from the user. For example, the mobiledevice may transmit the authentication information upon launching amobile application.

In some embodiments, the button may be a part of an inter-connected hubof devices that may be controlled from a single interface and areautomated based on events occurring in the access control system. Forexample, the inter-connected network of devices may include a homethermostat, lighting system, sound system, and access control systemwhich communicate wirelessly over WiFi or Bluetooth. The homethermostat, lighting system, sound system, and access control system maycommunicate to each other or to a central server using the sameApplication Programming Interface (“API”). Using the API, the homethermostat, lighting system, sound system, and access control system maybe automated based on certain rules or events. For example, after a userunlocks his home door with his mobile device, the access control systemmay communicate user preferences to the thermostat to turn on the airconditioner at a certain temperature, to turn on certain lightingfixtures in the living room, and start playing specific user-definedmusic over the speaker system.

In some embodiments of the invention, the interconnected hub of devicesoperates according to settings that are customized for users,administrators, or masters. When a person registers a triggering event,they are identified, and the interconnected hub of devices operatesaccording to the settings customized to that person. For example, aparent may configure the settings for the interconnected hub of devicessuch that when the parent unlocks the front door, the lights in thebedroom and kitchen are turned on, music from a specific playlist isplayed on the living room sound system, and the air conditioning/heatingis turned on to bring the house temperature to 70°. A child mayconfigure different settings that turn on different lights in the house,play different playlists, and heat/cool the temperature of the room to adifferent temperature. Thus, if a parent unlocks a front door to a home,thereby registering a triggering event, the interconnected hub ofdevices may operate according to the customized settings defined by theparent, and turn on the lights in the bedroom and kitchen, play musicfrom a specific playlist on the living room sound system, and turn onthe air conditioning/heating to bring the house temperature to 70°.

In some embodiments, the movement or position of the door as describedabove may register a triggering event that causes an interconnected hubof devices to perform certain tasks or sequences of tasks. For example,when it is determined that a door has been opened, a triggering eventmay be registered to communicate to the thermostat to turn on the airconditioner at a certain temperature, to turn on certain lightingfixtures in the living room, and start playing specific user-definedmusic over the speaker system.

FIG. 6 shows a process for enabling a master or administrator to controlan access control system. In step 601, a set of configurable rules andaccess rights is displayed to a master or administrator. In step 602,the master or administrator configures access rights to determine whichsmart locks a user may access. In step 603, the master or administratorconfigures rules that specify which access channels a user may use toopen a smart lock, and what (if any) conditions must be satisfied beforeopening the smart lock.

When a user who has conditional access rights submits a request to opena smart lock as described above, a master or administrator receives arequest for access, as shown in step 604. For example, a request may bereceived in the form of a text message, phone call, or as a notificationdisplayed on a mobile application of the master or administrator. Therequest may be received directly from a user, or it may be received fromthe central access server, which received the request from the user.

In step 605, the user request is validated. The user may be validatedby, for example, requesting the user provide additional credentials,such as a password. As another example, the master or administrator mayobtain the ID of the user's mobile device to determine if the mobiledevice has been reported as lost or stolen. If it is stolen, the rulesmay be configured to automatically deny the request for access andnotify the master, administrator, or user of the attempted use.

If the master or administrator validates the user, then the master oradministrator may proceed to step 606, where the master or administratordetermines whether to grant access to the user. In this step, the rulesand access rights may be checked to determine if the user is authorizedto open the particular lock and if there are any conditions that must bemet before opening the lock. For example, it may be determined that theuser is not authorized to open the particular smart lock, or is notauthorized to open the smart lock on the particular day. If the user isauthorized, the master or administrator may still decide to deny theuser access. For example, a master or administrator may prefer to usehis or her discretion in approving requests even if the user isauthorized. If the master or administrator determines to approve therequest, then a token or passcode is generated and provided to the user.The token or passcode may be transmitted to the user as described above.For example, the token or passcode may be sent in the form of a textmessage, phone call, or as a notification displayed on a mobileapplication of the user. The token or passcode may then be provided tothe user at step 608.

According to some embodiments of the invention, a mobile application maybe installed on the master device, administrator device, or user'sdevice, for controlling an using the access control system. The mobileapplication for masters or administrators may provide an interface to:view access information; create access rights; view access logs; manageuser rights; open a lock; and create reports of successful entries, andrefused entries, including details of why entry was refused (e.g., theuser accessed the lock outside of the timeframe or date it was permittedto access the lock, or was not allowed to open the lock in the firstinstance). In this way, the access control system provides the safetyand reliability benefits of a mechanical lock and key system, while alsoproviding the reporting and real-time value-added services of mobiledevices and electronic lock systems. Similarly, the mobile applicationfor users may provide an interface to: receive access alerts; requestaccess rights; view access logs; and open a lock.

In one aspect of the invention, the mobile application provides an“informer” feature as shown in FIG. 7A, which informs masters,administrators, and users about information related to access events andaccess rights. For masters and administrators, the mobile applicationwill receive information about access events, such as when a useraccesses a lock. As shown in FIG. 7A, the feature provides an alert tothe master or administrator that Johnson Smith wishes to open a gate, isin close proximity to a gate, or is attempting to open a gate. The alertnotifies the master or administrator of the access event or change inaccess rights in near real-time. Because the events can be communicatedquickly to the master or administrator, the mobile application mayadditionally provide the master or administrator the option to deny theuser from accessing the secured site in near real-time. Similarly, themobile application may also receive alerts when a user attempts to opena lock with invalid authentication information (e.g., an incorrectpasscode).

Using the wireless or location-based capabilities of the mobile device,the mobile application can determine the length of time that a userstays at a secured site. The mobile application may also receiveinformation from the button about when it was locked and unlocked todetermine when the user gained access and subsequently left a securedsite. As explained in more detail below, the button on the lock willalso transmit its lock/unlock status to a user's mobile device. Theuser's mobile device may then transmit the lock/unlock status to thecentral access server, which may then send a notification to a master oradministrator about the status of the lock. In this way, after a userhas subsequently left a secured site, a master or administrator may bealerted that the site is still unlocked, and may contact the userinforming him or her that they forgot to lock the site.

In one aspect of the invention, the mobile application may display to amaster or administrator which areas of a secured site have been lockedor unlocked, as shown in FIG. 7B. When a user unlocks or locks a sitewith their mobile device, the mobile device communicates the informationto the central access server. The central access server then providesthe lock/unlock status to masters or administrators. When the user locksor unlocks a site using an alternative channel of access, theinformation is stored on the smart lock and communicated to the centralaccess server the next time a mobile device is used to open the smartlock.

The mobile application is also programmed to provide a user interfacefor displaying and configuring how these sites may be unlocked. Forexample, as shown in FIG. 7C, the mobile application can show whether asite may be opened automatically or manually.

Another interface of the mobile application provides a display of whichusers have access to a lock. As shown in FIG. 7D, the interface displaysa picture of each user, and their personal information such as name andcontact information. Each user on the list may be selected or deleted.Selecting the user causes the mobile application to display anotherinterface that shows additional details about the user.

In one aspect of the invention, the informer will display alerts andmessages in connection with changes made to a user's access rights. Asshown in FIG. 7E, the informer may alert a user that he or she hasaccess rights to a particular site (e.g., Gate A) at a specific time(e.g., from Monday to Friday from 5:00 pm to 8:00 pm). Similarly, theinformer may notify the user that he or she received new access rightsto a particular area, or that those access rights have been limited, orrevoked.

While FIGS. 7A-7E demonstrate the alert and messaging functionality ofthe informer using the mobile application interface, alerts and messagesregarding access rights may also be communicated to the users via SMStext, e-mail, or by a phone call. Thus, for example, when user accessrights change, the user may receive an SMS text informing the user hisor her access rights have been changed.

In one aspect of the invention, the mobile application provides an“authorization” feature, which enables masters and administrators tocreate and change users' access rights, and allows users to requestaccess rights. Access rights for each user are stored in the masterdevice, administrator device, or central access server, where eachuser's attempt to access a lock may be validated.

As shown in FIG. 8A, the mobile application may provide an interface formasters or administrators to create user access rights and rules. Forexample, the interface allows the master or administrator to specify theuser's contact information (e.g., name, phone number, occupation, age),the particular individual locks that the user will have access to, theaccess channels the user may use (e.g., passcode, biometric scan,wirelessly transmitting a token to the smart lock, or any combination ofthereof), and conditions to the user's access (e.g., restrictions on thetime of the day). The authorization feature of the mobile application isavailable to masters and administrators. In some embodiments of theauthorization feature used by administrators, after providing the accessinformation the administrator submits the information as a request tothe master. The information is then communicated to a master whoultimately approves or denies the creation of access rights for the newuser. The creation of access rights may happen in near real-time; when amaster approves a user's request or an administrator's request, the usermay immediately begin using their mobile device, passcode, or biometricscan to access the designated smart locks.

In one aspect of the invention, the master or administrator can specifya particular lock, area, or door within a site, as shown in FIG. 8B. AsFIG. 8B shows, a master or administrator can select locked areas such asa front gate, gym, entertainment room, or office to grant access to auser. The mobile application enables this configuration to occurremotely and in near real-time; a master or administrator is notrequired to be on-site to make a key copy or update any records therebycausing delay.

The status may correspond to the information received from the sensorsdescribed above that correspond to a door being opened or closed, and abolt being locked or unlocked.

As described above, the authorization feature allows masters oradministrators to add restrictions to a user's access. As shown in FIG.8C, a master or administrator may allow a user to have permanentindefinite access, or may limit the user's access to be temporary, ormay limit the access to be during select intervals throughout the day,week, month, or year.

The authorization feature may additionally allow a master oradministrator to provide one-time access on a case-by-case basis. A usermay receive one-time access by sending a request to a master oradministrator as described above. The request may be via the mobileapplication's authorization interface for users, SMS text, e-mail, or byphone call. The request can be for a particular lock or group of locks,and for a particular access type. The master or administrator maydetermine in near real-time to grant or deny the request. If the masteror administrator approves the request, the user can open the lock. Usingthe recording and reporting functionality the master or administratorcan determine when the user has finished using the lock, and disable orremove the user's access rights. Alternatively, if the master oradministrator decides to grant the user access, the master oradministrator may provide the user with a dynamic passcode that can onlybe used once, and expires after it has been used.

An access type interface, as shown in FIG. 8D allows a master oradministrator to configure the rules to specify what access channels areavailable to a user for opening a smart lock. For example, the master oradministrator can specify whether the user can open a smart lock bywirelessly transmitting a token to the smart lock, entering a passcodeon the keypad, using a biometric scan, or any combination thereof. Themaster or administrator may also add conditions limiting when a user mayaccess a smart lock, such as, adding time or date restrictions. Forexample, a master or administrator may specify that a user can access alock with a smartphone or mobile device Monday through Friday, but onweekends must additionally provide a biometric scan or passcode.

In one embodiment of the invention, a master or administrator may add auser's biometric scan to a smart lock using their respective mobiledevices. For example, a user may scan their fingerprint on theirsmartphone and send it to the master or administrator via SMS text orthe mobile app. The master or administrator may then add thefingerprints to the central access server, or the smart lock the nexttime their mobile device communicates to the smart lock. In this way, anew user's biometric scan can be added to a smart lock remotely, withoutthe user previously being located at the smart lock.

A user may send a request for access rights using the mobile applicationon their mobile device. After registering, the user may load a list ofsites and their corresponding locks and request access from the smartlock's corresponding master or administrator. The user may search for amaster or administrator and request access rights directly from them. Asan alternative to using the mobile application, the user may requestaccess by SMS text, e-mail or by phone call.

A master or administrator may modify the access rights of each userthrough the authorization interface at any time, as shown in FIG. 8E. Inone aspect of the invention, the access rights may be modified withoutnotifying or informing the users. In this way, the master oradministrator may change or delete the access rights associated with amobile device remotely and without requiring any access or interactionwith the user. Thus, if a mobile device is stolen or lost, a master oradministrator may disable that particular mobile device, preventing itfrom being used by unauthorized persons or in unwanted manners. Before amobile device may be disabled, the master or administrator may beprompted for additional credentials to authenticate his or her identity.If the disabled phone is subsequently used to access a smart lock (e.g.,by a thief or an unwanted person), the smart lock will reject it and themaster or administrator will be informed of the unauthorized attempt ataccess. As shown in the exemplary illustration below, the authorizationinterface allows masters or administrators to de-authorize users,disable users or remove them from a lock altogether. These changes to auser's access rights can be effectuated in near real-time.

In one aspect of the invention, the mobile application provides a“reporting” feature, which enables masters and administrators to viewrecords and logs of access events for each user or each lock. Records ofvarious access events, such as when and how a user sought or obtainedaccess to a smart lock, may be stored in the storage medium of thebutton as described above or in the mobile application of the of theuser's mobile device. For example, when a user seeks or obtains accessto a smart lock using his or her mobile device, a record of that accessevent may be stored in the mobile device or in the button. Similarly, ifthe user is accessing the smart lock via a redundant access channel(e.g., a passcode or biometric scan), the access event may be stored inthe button, and will be wirelessly communicated to the central accessserver at a later stage when another mobile device is in contact withthe smart lock.

Access events may further include information received by the sensorsdescribed above indicating whether a door has been opened or closed, orthe bolt has been locked or unlocked.

Logs of the access events for each user or each smart lock may becompiled and communicated to a master or administrator on a periodicbasis, or in near real-time. For example, as shown in FIG. 8F, a log ofa user's access events for the day may be compiled and reported to amaster or administrator. The logs show the details of each access eventfor a particular user, such as what smart lock was accessed, how it wasaccessed, and the precise time the user accessed it and how long theuser spent on site. Logs can further include records of successful andunsuccessful openings of smart locks, the time periods that users areallowed to open smart locks, and when users requested access to smartlocks. Similar logs can be compiled for each smart lock, reporting whoaccessed the smart lock, how it was accessed, and when it was accessed.Masters and administrators can configure how frequently they prefer toreceive reports of logs. Reports can be communicated to the centralaccess server, or communicated directly to a master or administrator.

In other embodiments of the invention, the logs may be communicateddirectly from the smart lock to an administrator or central server,bypassing the mobile device. As explained above, the smart lock maycommunicate this information directly to the central server oradministrator using its wireless connection, or through a networkdevice.

In one aspect of the invention, the logs and reports may be processed todiscover patterns about access usage and users. Specifically, the logsand reports can be mined to detect patterns relating to how and whenusers access different smart locks. Using these recognized patterns ofaccess behavior, the access control system may then predict accessevents to enhance system security or access control. For example, if thelogs and reports indicate that a user enters a home from the front gateat 5:00 pm every weekday, the access control system may automateprocesses or tasks in inter-connected devices, such as communicate tothe lighting system to activate the lights on the front patio, thethermostat to start the air conditioner.

FIGS. 9A-9C illustrate user interfaces for logging into the mobileapplication, requesting a token or passcode, and receiving a token orpasscode. As described above, a user may be required to providecredentials as shown in FIG. 9A, such as a password, before beingallowed to request a token or passcode. As shown in FIG. 9B, theinterface allows the user to view which smart locks they may access, andif they do not have access to a smart lock, or only have conditionalaccess rights, they may submit a request to a master or administrator.As FIG. 9B shows, a user may submit the request in several ways, such asfor example, by sending an alert to the mobile application on the mobiledevice of the master or administrator, or by sending them a text orplacing a call. As shown in FIG. 9C, if the user has been validated andapproved for access by a master or administrator, the user will receivea token or passcode. If the user receives a passcode, they passcode maybe displayed for the user to enter onto the keypad. If the user receivesa token, the token may be wirelessly transmitted to a smart lock.

In further aspects of the invention, user patterns discovered with thelogs may be used to optimize certain components of the smart lock. Forexample, the logs may be used to determine when a user typically leavesand arrives home. With this information, the smart lock may determinecertain periods when the smart lock is least likely to be used, and maytherefore change some of its functions or its mode of operation. Forexample, the smart lock may determine that no one typically enters orleaves the home during business hours of a weekday. During this period,the smart lock may enter into a “sleep” mode, where the smart lockdeactivates certain features to reduce its power consumption.

Variations, modifications, and other implementations of what isdescribed herein may occur to those of ordinary skill in the art withoutdeparting from the spirit and scope of the present invention and itsclaims.

We claim:
 1. A lock for providing redundant access control comprising: ahardware processor; a cylinder adaptable to fit a standard profile slotof a door, the cylinder comprising a cam to engage a bolt; a button forengaging the cam to unlock the bolt, the button comprising a powersource and a plurality of redundant access channels for receivingauthentication information, the redundant access channels comprising abiometric scanner for receiving biometric information, a passcodekeypad, and a wireless transceiver configured to communicate in nearreal-time with a mobile device, and with one of: 1) a network device, 2)a control access server, and 3) an administrator device; wherein thehardware processor is configured to: validate authentication informationreceived from the passcode keypad, biometric scanner, or mobile devicebased on communications received from the mobile device, network device,control access server, or administrator device, unlock the bolt when auser is authenticated through a first channel of the plurality ofredundant access channels, and when the user cannot open the lockthrough the first channel, allow access through a second channel of theplurality of redundant access channels.
 2. The lock of claim 1, furthercomprising a wireless modem configured to create a cellular broadbandconnection and communicate to an administrator device or a centralaccess server in near real-time.
 3. The lock of claim 1, furthercomprising a wireless modem configured to create a short range wirelessconnection and communicate to an administrator device or a centralaccess server in near real-time.
 4. The lock of claim 1, wherein thelock is configured to receive an instruction from the central accessserver or the administrator device over the cellular broadbandconnection to block access to a user based on the user's biometric scan,passcode, or mobile device IMEI.
 5. The lock of claim 1, wherein thelock is configured to: receive a token, a biometric scan or a passcode,transmit a request for access to the lock based on a set of configurablerules, and receive an instruction to grant or deny the request foraccess from the administrator device or central access server in nearreal-time.
 6. The lock of claim 1, wherein the button comprises aninertial module configured to determine a door status that indicateswhether a door has been opened or closed, and communicate the doorstatus to the administrator device or central access server in nearreal-time.
 7. The lock of claim 1, wherein the lock is configured todetermine a bolt status that indicates whether the bolt is in a lockedor unlocked position, and communicate the bolt status to theadministrator device or central access server in near real-time.
 8. Thelock of claim 1, wherein the button is removable, and the button furthercomprises a recharge interface and a storage medium for storing accessinformation, wherein the recharge interface is configured to be coupledto a power outlet or recharge station for recharging power to thebutton, and wherein the storage medium is configured to transmit theaccess information when the button is recharging.
 9. The lock of claim8, wherein the button is configured to be removed upon entry of validcredentials.
 10. The lock of claim 1, wherein the button is a firstbutton disposed on the interior face of the door and comprises a powersource, and wherein the lock further comprises a second button coupledto the cylinder, the second button being disposed on the exterior faceof the door and is powered by the power source of the first button. 11.The lock of claim 1, wherein the button further comprises an I/O portconfigured to receive power from an external device, and deliver accessinformation to the external device.
 12. A system for controlling a lockhaving redundant access channels, the system comprising: the lock forproviding redundant access channels according to claim 1; and a networkdevice, wherein the lock is coupled to the network device over ashort-range wireless connection, and the network device is coupled tothe administrator device or central access server over a networkconnection.
 13. The system of claim 12, wherein the network device isconfigured to receive a token, a biometric scan, or a passcode from thelock, and relay the token, biometric scan, or passcode to theadministrator device or central access server.
 14. The system of claim12, wherein the network device is configured to receive an instructionfrom the central access server or administrator device to block accessto a user based on the user's biometric scan, passcode, or mobile deviceIMEI.
 15. The system of claim 12, further comprising an inter-connectedhub of devices coupled to the network device over a short range wirelessconnection, wherein the network device is configured to communicate tothe inter-connected hub of devices upon a triggering event.
 16. A methodfor controlling access to a lock, the lock comprising a plurality ofredundant access channels and a wireless transceiver configured tocommunicate to a network device over a short range wireless connection,the method comprising the steps of: receiving user authenticationinformation from the lock over the short range wireless connection, theauthentication information for obtaining access to a first redundantaccess channel of the plurality of redundant access channels, theplurality of redundant access channels comprising a biometric scan, apasscode, or a token; transmitting the authentication information over anetwork connection to an administrator device or central access serverfor validation based on a set of configurable rules; receiving aninstruction from the administrator device or central access server togrant or deny access to the user; and transmitting to the lock theinstruction to grant or deny access to the user.
 17. The method of claim16, further comprising: registering a triggering event; and sending aninstruction to an interconnected hub of devices based on the triggeringevent.
 18. The method of claim 16, further comprising determining a userpattern based on access information maintained by the lock.
 19. A methodfor controlling access to a lock, the lock comprising a plurality ofredundant access channels and a wireless transceiver configured tocreate a cellular broadband connection for communicating directly to anadministrator device or a central access server, the method comprisingthe steps of: receiving user authentication information for obtainingaccess to a first redundant access channel of the plurality of redundantaccess channels, the plurality of redundant access channels comprising abiometric scan, a passcode, or a token; transmitting the authenticationinformation to an administrator device or central access server forvalidation over the cellular broadband connection based on a set ofconfigurable rules; receiving an instruction from the administratordevice or central access server to grant or deny access to the user; andengaging a cam to open or close a bolt of the lock based on the decisionto grant or deny access to the user.